The answer from @bubbasnmp is almost correct, but you need to look at the "Running on ..." section of the output rather than the "Compiled with ..." section to see what Wireshark has found and is using.

With Npcap installed I get the following (I have emphasised the important part):

Compiled (64-bit) with WinPcap SDK (WpdPack) 4.1.2, with GLib 2.52.3, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.14.0, with Lua 5.2.4, with GnuTLS 3.6.3 and PKCS #11 support, with Gcrypt 1.8.3, with MIT Kerberos, with MaxMind DB resolver, with nghttp2 1.39.2, with brotli, with LZ4, with Zstandard, with Snappy, with libxml2 2.9.9.

Running on 64-bit Windows 10 (1903), build 18362, with Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz (with SSE4.2), with 16225 MB of physical memory, with locale English_United Kingdom.1252, with Npcap version 0.9983, based on libpcap version 1.9.1-PRE-GIT, with GnuTLS 3.6.3, with Gcrypt 1.8.3, with brotli 1.0.2, binary plugins supported (0 loaded).

With WinPcap installed I get the following:

Compiled (64-bit) with WinPcap SDK (WpdPack) 4.1.2, with GLib 2.52.3, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.14.0, with Lua 5.2.4, with GnuTLS 3.6.3 and PKCS #11 support, with Gcrypt 1.8.3, with MIT Kerberos, with MaxMind DB resolver, with nghttp2 1.39.2, with brotli, with LZ4, with Zstandard, with Snappy, with libxml2 2.9.9.

Running on 64-bit Windows 10 (1903), build 18362, with Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz (with SSE4.2), with 16225 MB of physical memory, with locale English_United Kingdom.1252, with WinPcap version 4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch 1_0_rel0b (20091008), with GnuTLS 3.6.3, with Gcrypt 1.8.3, with brotli 1.0.2, binary plugins supported (0 loaded).

Wireshark 3.x and later will first check for Npcap and, if found, use that. If it doesn't find Npcap, it will fall back to WinPcap. This only affects which user-space DLL Wireshark loads; there is no change in functionality, as Wireshark is currently compiled with the WinPcap SDK and so can only use the API originally exposed by WinPcap that is also supported by Npcap. This is why the "Compiled with ..." section does not change regardless of which capture driver is used.

Note that if you install Npcap in WinPcap mode then Wireshark will correctly report (by querying the driver) that Npcap is being used, i.e. the output of -v will be identical to the first item I've shown above.
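
The following is an added example, not part of the original answer and not Wireshark code. It reads the capture library from the "Running on ..." paragraph only, and shows why a plain search for "WinPcap" across the whole output is misleading. The sample strings are abridged from the two outputs quoted above; the function names are hypothetical.

```python
import re

# Sample input abridged from the two -v outputs quoted in the answer
# (feature lists shortened; the capture-library text is unchanged).
COMPILED = ("Compiled (64-bit) with WinPcap SDK (WpdPack) 4.1.2, "
            "with GLib 2.52.3, with zlib 1.2.11.")
NPCAP_OUT = COMPILED + "\n\n" + (
    "Running on 64-bit Windows 10 (1903), build 18362, with Npcap version "
    "0.9983, based on libpcap version 1.9.1-PRE-GIT, with GnuTLS 3.6.3.")
WINPCAP_OUT = COMPILED + "\n\n" + (
    "Running on 64-bit Windows 10 (1903), build 18362, with WinPcap version "
    "4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 "
    "branch 1_0_rel0b (20091008), with GnuTLS 3.6.3.")

_CAPTURE = re.compile(r"with (Npcap|WinPcap) version ([0-9][\w.\-]*)")
_LIBPCAP = re.compile(r"based on libpcap version ([^,]+)")


def naive_mentions_winpcap(version_text):
    """Misleading check: the "Compiled" paragraph always names the WinPcap SDK."""
    return "WinPcap" in version_text


def runtime_capture_library(version_text):
    """Return (name, version, libpcap_base) from the "Running on" paragraph.

    Returns None when there is no such paragraph or it names no capture library.
    """
    # Paragraphs are separated by a blank line and may be wrapped, so
    # collapse whitespace inside each one before matching.
    paragraphs = [" ".join(p.split())
                  for p in re.split(r"\n\s*\n", version_text)]
    running = next((p for p in paragraphs if p.startswith("Running on")), None)
    if running is None:
        return None
    lib = _CAPTURE.search(running)
    if lib is None:
        return None
    base = _LIBPCAP.search(running)
    libpcap_base = base.group(1).strip().rstrip(".") if base else None
    return (lib.group(1), lib.group(2).rstrip("."), libpcap_base)


if __name__ == "__main__":
    for label, text in (("Npcap host", NPCAP_OUT), ("WinPcap host", WINPCAP_OUT)):
        print(label, naive_mentions_winpcap(text), runtime_capture_library(text))
```
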